System changes after Kaspersky Security for Windows Server installation

Support

Support for business applications

Kaspersky Security 11.x for Windows Server

Installing and removing the application

System changes after Kaspersky Security for Windows Server installation

June 10, 2022

ID 147612

When Kaspersky Security for Windows Server and the set of "Administration Tools" (including the Application Console) are installed together, the Windows Installer service will make the following modifications on the protected device:

Kaspersky Security for Windows Server folders are created on the protected device and on the protected device where the Application Console is installed.
Kaspersky Security for Windows Server services are registered.
Kaspersky Security for Windows Server user group is created.
Kaspersky Security for Windows Server keys are registered in the system registry.

These changes are described below.

Kaspersky Security for Windows Server folders on a protected device

When Kaspersky Security for Windows Server is installed, the following folders are created on a protected device:

Kaspersky Security for Windows Server default installation folder containing the Kaspersky Security for Windows Server executable files depend on the operating system bit set. Therefore, the default installation folders are as follows:
- On the 32-bit version of Microsoft Windows: %ProgramFiles%\Kaspersky Lab\Kaspersky Security for Windows Server\
- On the 64-bit version of Microsoft Windows: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security for Windows Server\
Management Information Base (MIB) files containing a description of the counters and hooks published by Kaspersky Security for Windows Server via the SNMP protocol:
- %Kaspersky Security for Windows Server%\mibs
64-bit versions of Kaspersky Security for Windows Server executable files (this folder will be created only during installation of Kaspersky Security for Windows Server on the 64-bit version of Microsoft Windows):
- %Kaspersky Security for Windows Server%\x64
Kaspersky Security for Windows Server service files:
- %ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Data\
- %ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Settings\
- %ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Dskm\
For Windows XP the path to the Kaspersky Lab folder is %ALLUSERSPROFILE%\Application Data\.
Files with settings for update sources:
%ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Update\

%ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Update\
Updates of databases and software modules downloaded using the Copying Updates task (the folder will be created the first time updates are downloaded using the Copying Updates task).
%ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Update\Distribution\
Task logs and system audit log.
%ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Reports\
Set of databases currently in use.
%ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Bases\Current\
Backup copies of databases; they are overwritten each time the databases are updated.
%ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Bases\Backup\
Temporary files created during execution of update tasks.
%ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Bases\Temp\
Quarantined objects (default folder).
%ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Quarantine\
Objects in backup (default folder).
%ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Backup\
Objects restored from backup and quarantine (default folder for restored objects).
%ProgramData%\Kaspersky Lab\Kaspersky Security for Windows Server\11\Restored\

Folder created during installation of Application Console

The Application Console default installation folders containing the "Administration Tools" files depend on the operating system bit set. Therefore, the default installation folders are as follows:

On the 32-bit version of Microsoft Windows: %ProgramFiles%\Kaspersky Lab\Kaspersky Security for Windows Server Admins Tools\
On the 64-bit version of Microsoft Windows: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security for Windows Server Admins Tools\

Kaspersky Security for Windows Server services

The following Kaspersky Security for Windows Server services start using the local system (SYSTEM) account:

Kaspersky Security Service (KAVFS) – essential Kaspersky Security for Windows Server service that manages Kaspersky Security for Windows Server tasks and workflows.
Kaspersky Security Management Service (KAVFSGT) – this service is intended for Kaspersky Security for Windows Server application management through the Application Console.
Kaspersky Security Exploit Prevention Service (KAVFSSLP)– a service that acts as an intermediary to communicate security settings to external security agents, and to receive data about security events.
Kaspersky Security Script Checker Service (KAVFSSCS) – this service is started along with the Script Monitoring task and allows to control the execution of scripts created using Microsoft Windows scripting technologies.

Kaspersky Security for Windows Server group

KAVWSEE Administrators is a group on the protected device, which users have full access to the Kaspersky Security Management Service and to all Kaspersky Security for Windows Server functions.

System registry keys

When Kaspersky Security for Windows Server is installed, the following system registry keys are created:

Properties of the Kaspersky Security for Windows Server: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KAVFS]
Kaspersky Security for Windows Server event log settings (Kaspersky Event Log): [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Kaspersky Security]
Properties of the Kaspersky Security for Windows Server management service: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KAVFSGT]
Performance counter settings:
- On the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kaspersky Security\Performance]
- On the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kaspersky Security x64\Performance]
SNMP Protocol Support component settings:
- On the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\WSEE\11\SnmpAgent]
- On the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\WSEE\11\SnmpAgent]
Dump file settings:
- On the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\WSEE\11\CrashDump]
- On the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\WSEE\11\CrashDump]
Trace file settings:
- On the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\WSEE\11\Trace]
- On the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\WSEE\11\Trace]
Configuration of the application's tasks and functions: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\WSEE\11\Environment]

Kaspersky Security for Windows Server: Prompt detection of all kinds of threats

Launch control and exploit prevention for businesses of all sizes. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.